Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Zohocorp Subscribe
Total 418 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2959 1 Zohocorp 1 Manageengine Netflow Analyzer 2016-12-30 7.5 HIGH N/A
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role.
CVE-2015-2960 1 Zohocorp 1 Manageengine Netflow Analyzer 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2961 1 Zohocorp 1 Manageengine Netflow Analyzer 2016-12-30 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators.
CVE-2015-4418 1 Zohocorp 1 Manageengine Netflow Analyzer 2016-12-30 5.0 MEDIUM N/A
Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2015-5459 1 Zohocorp 1 Manageengine Password Manager Pro 2016-12-07 6.5 MEDIUM N/A
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.
CVE-2015-5149 1 Zohocorp 1 Manageengine Supportcenter Plus 2016-12-07 5.5 MEDIUM N/A
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
CVE-2015-5061 1 Zohocorp 1 Manageengine Assetexplorer 2016-12-07 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do.
CVE-2015-2169 1 Zohocorp 1 Manageengine Assetexplorer 2016-12-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.
CVE-2015-7766 1 Zohocorp 1 Manageengine Opmanager 2015-10-09 9.0 HIGH N/A
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
CVE-2015-7765 1 Zohocorp 1 Manageengine Opmanager 2015-10-09 9.0 HIGH N/A
ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access by leveraging knowledge of this password.
CVE-2014-2670 1 Zohocorp 1 Manageengine Opstor 2015-07-24 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ManageEngine OpStor before build 8500 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter, a different vulnerability than CVE-2014-0344.
CVE-2014-0344 1 Zohocorp 1 Manageengine Opstor 2015-07-24 6.5 MEDIUM N/A
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter.
CVE-2015-5150 1 Zohocorp 1 Manageengine Supportcenter Plus 2015-07-01 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
CVE-2014-9371 1 Zohocorp 1 Manageengine Desktop Central 2015-03-06 10.0 HIGH N/A
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
CVE-2015-1479 1 Zohocorp 1 Servicedesk Plus 2015-02-06 6.5 MEDIUM N/A
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
CVE-2014-6034 1 Zohocorp 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus 2014-12-05 5.0 MEDIUM N/A
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
CVE-2014-6035 1 Zohocorp 1 Manageengine Opmanager 2014-12-05 7.5 HIGH N/A
Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.
CVE-2012-5956 1 Zohocorp 1 Manageengine Assetexplorer 2012-12-27 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.